漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
漏洞信息
N/A
漏洞
N/A
漏洞
LinPHA多个目录遍历漏洞
漏洞信息
LinPHA 1.0中存在目录遍历漏洞。远程攻击者可以借助(1)docs/index.php中lang参数和(2) install/install.php、(3) install/sec_stage_install.php、(4) install/third_stage_install.php和(5) install/forth_stage_install.php的language参数(该参数中包含..)序列包含任意文件。 注意:可由此问题导致直接静态代码注入,如将PHP代码插入用户名所演示的那样,用户名
漏洞信息
N/A
漏洞
N/A